Public Sector Internal Audit Standards
Applying the IIA International Standards to the UK Public Sector
Issued by the Relevant Internal Audit Standard Setters:
In collaboration with:
Applying the IIA International Standards to the UK Public Sector
Public Sector Internal Audit Standards
Updated March 2017
ISBN 978-1-84508-481-3
Permission has been obtained from the copyright holder, The Institute of Internal Auditors, 247 Maitland Ave, Altamonte Springs, Florida 32701-4201, USA. The concepts enunciated in the original IPPF have been preserved in this version.
Contents
Section 1 Introduction 4
Section 2 Applicability 7
Section 3 Mission of Internal Audit 9
Section 4 Definition of Internal Auditing 10
Section 5 Core Principles for the Professional Practice of Internal Auditing 11
Section 6 Code of Ethics 12
Section 7 Standards 15
Attribute Standards 15
Purpose, authority and responsibility 15
Independence and objectivity 16
Proficiencyanddueprofessionalcare 18
Quality assurance and improvement programme 20
Performance Standards 23
Managing the internal audit activity 23
Nature of work 25
Engagement planning 27
Performing the engagement 29
Communicating results 30
Monitoring progress 33
Communicating the acceptance of risks 33
Glossary 34
Public Sector Internal Audit Standards 3
SECTION 1
IntroductionA professional, independent and objective internal audit service is one of the key elements of good governance, as recognised throughout the UK public sector.
Thisdocumentisthereforeaddressedtoaccountingofficers,accountableofficers,boardandauditcommittee members, heads of internal audit, internal auditors, external auditors and other stakeholders suchaschieffinancialofficersandchiefexecutives.
Framework overviewThe Relevant Internal Audit Standard Setters (RIASS)1 have adopted this common set of Public Sector Internal Audit Standards (PSIAS) from 1 April 2017. The PSIAS encompass the mandatory elements of the Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF) as follows:
DefinitionofInternalAuditing
Code of Ethics, and
International Standards for the Professional Practice of Internal Auditing (including interpretations and glossary).
Additional requirements and interpretations for the UK public sector have been inserted in such a way as to preserve the integrity of the text of the mandatory elements of the IPPF.
Theoverarchingprincipleborneinmindwhenallpotentialpublicsectorinterpretationsand/orspecificrequirements were considered was that only the minimum number of additions should be made to the existing IIA Standards. The criteria against which potential public sector requirements were judged for inclusion were:
where interpretation is required in order to achieve consistent application in the UK public sector
where the issue is not addressed or not addressed adequately by the current IIA Standards, or
where the IIA standard would be inappropriate or impractical in the context of public sector governance(takingintoaccount,forexample,anyfundingmechanisms,specificlegislationetc).
At the same time, the following concepts were also considered of each requirement or interpretation being proposed:
materiality
relevance
necessity, and
integrity (the additional commentary does not cause inconsistency elsewhere).
1 The Relevant Internal Audit Standard Setters are: HM Treasury in respect of central government; the Scottish Government, the Department of Finance Northern Ireland and the Welsh Government in respect of central government and the health sector in their administrations; the Department of Health in respect of the health sector in England (excluding Foundation Trusts); and the Chartered Institute of Public Finance and Accountancy in respect of local government across the UK.
4 Public Sector Internal Audit Standards
Wherever reference is made to the International Standards for the Professional Practice of Internal Auditing, this is replaced by the PSIAS. Chief audit executives are expected to report conformance on the PSIAS in their annual report.
Purpose of the PSIASThe objectives of the PSIAS are to:
definethenatureofinternalauditingwithintheUKpublicsector
set basic principles for carrying out internal audit in the UK public sector
establish a framework for providing internal audit services, which add value to the organisation, leading to improved organisational processes and operations, and
establish the basis for the evaluation of internal audit performance and to drive improvement planning.
Additional guidance is a matter for the RIASS.
ScopeThe PSIAS apply to all internal audit service providers, whether in-house, shared services or outsourced.
AllinternalauditassuranceandconsultingservicesfallwithinthescopeoftheDefinitionofInternalAuditing (see section 3). The provision of assurance services is the primary role for internal audit in the UK public sector. This role requires the chief audit executive to provide an annual internal audit opinion based on an objective assessment of the framework of governance, risk management and control. Consultingservicesareadvisoryinnatureandaregenerallyperformedatthespecificrequestofthe
organisation, with the aim of improving governance, risk management and control and contributing to the overall opinion.
The Code of Ethics promotes an ethical, professional culture (see section 4). It does not supersede or replace internal auditors own professional bodies Codes of Ethics or those of employing organisations. Internal auditors must also have regard to the Committee on Standards of Public Lifes Seven Principles of Public Life.
In common with the IIA IPPF on which they are based, the PSIAS comprise Attribute and Performance Standards. The Attribute Standards address the characteristics of organisations and parties performing internal audit activities. The Performance Standards describe the nature of internal audit activities and provide quality criteria against which the performance of these services can be evaluated. While the Attribute and Performance Standards apply to all aspects of the internal audit service, the Implementation Standardsapplytospecifictypesofengagementsandareclassifiedaccordingly:
Assurance (A) and
Consulting (C) activities.
The StandardsemploytermsthathavebeengivenspecificmeaningsthatareincludedintheGlossary.
Public Sector Internal Audit Standards 5
Key governance elementsWithin the PSIAS, the terms board and senior management need to be interpreted in the context of the governance arrangements within each UK public sector organisation, as these arrangements vary in structure and terminology between sectors and from one organisation and the next within in the same sector.
It is also necessary for the chief audit executive to understand the role of the accounting or accountable officer,chieffinancialofficer,chiefexecutive,theauditcommitteeandotherkeyofficersorrelevantdecision-making groups as well as how they relate to each other. Key relationships with these individuals andgroupsaredefinedforeachinternalauditservicewithinitscharter.
6 Public Sector Internal Audit Standards
SECTION 2
Applicability
The Relevant Internal Audit Standard Setters for the various parts of the UK public sector are shown below, along with the types of organisations in which the PSIAS should be applied.
SECTOR / RELEVANT INTERNAL AUDIT STANDARD SETTER
Central Government
NHS
Local Government
CIPFA UK
Local authorities.
England and Wales only
TheOfficeofthePoliceand Crime Commissioner, constabularies,fireauthorities,fireandrescue services, National Park authorities, joint committees and joint boards in the UK.
Scotland only
Integration joint boards and Strathclyde Partnership for Transport.
HM Treasury UK*
Government departments and their executive agencies and non-departmental public bodies.
Department of Health
England
Clinical Commissioning Groups. NHS Trusts.
Public Sector Internal Audit Standards 7
SECTOR / RELEVANT INTERNAL AUDIT STANDARD SETTER
Central Government
NHS
Local Government
Scottish Government
Scotland
The Scottish Government, the Crown OfficeandProcuratorFiscal Service, Executive Agencies and non- ministerial departments, non-departmental public bodies, public corporations, the Scottish Parliament Corporate Body and bodies sponsored / supported by the Scottish Government and the Scottish Parliament Corporate Body.
Scotland
NHS Boards, Special NHS Boards, NHS Board partnership bodies in the public sector (eg joint ventures, Community Health Partnerships etc), NHS Board subsidiaries.
Welsh Government
Wales
The Welsh Government, executive agencies and non-ministerial departments, Welsh Government sponsored bodies, public corporations, the National Assembly for Wales and bodies sponsored/supported by the Welsh Government and the National Assembly for Wales.
Wales
Health Boards and Trusts.
Northern Ireland Executive: Department of Finance (NI)
Government departments, executive agencies, non-ministerial departments, non-departmental public bodies, NI health and social care bodies and other relevant sponsored bodies.
* Unless the body falls under the jurisdiction of the devolved governments.
8 Publi
